package com.microsoft.identity.client;

import android.accounts.Account;
import android.accounts.AccountManager;
import android.content.Context;
import android.os.Binder;
import android.os.Bundle;
import android.text.TextUtils;
import com.microsoft.identity.common.adal.internal.AuthenticationConstants;
import com.microsoft.identity.common.adal.internal.util.StringExtensions;
import com.microsoft.identity.common.exception.ClientException;
import com.microsoft.identity.common.exception.ErrorStrings;
import com.microsoft.identity.common.internal.broker.IntuneMAMEnrollmentIdGateway;
import com.microsoft.identity.common.internal.cache.BrokerOAuth2TokenCache;
import com.microsoft.identity.common.internal.cache.CacheRecord;
import com.microsoft.identity.common.internal.cache.ICacheRecord;
import com.microsoft.identity.common.internal.cache.SchemaUtil;
import com.microsoft.identity.common.internal.commands.parameters.BrokerSilentTokenCommandParameters;
import com.microsoft.identity.common.internal.dto.AccountRecord;
import com.microsoft.identity.common.internal.dto.IAccountRecord;
import com.microsoft.identity.common.internal.dto.IdTokenRecord;
import com.microsoft.identity.common.internal.logging.Logger;
import com.microsoft.identity.common.internal.migration.TokenCacheItemMigrationAdapter;
import com.microsoft.identity.common.internal.providers.microsoft.MicrosoftAccount;
import com.microsoft.identity.common.internal.providers.microsoft.MicrosoftRefreshToken;
import com.microsoft.identity.common.internal.providers.microsoft.azureactivedirectory.AzureActiveDirectory;
import com.microsoft.identity.common.internal.providers.microsoft.azureactivedirectory.AzureActiveDirectoryCloud;
import com.microsoft.identity.common.internal.providers.microsoft.microsoftsts.MicrosoftStsAuthorizationRequest;
import com.microsoft.identity.common.internal.providers.microsoft.microsoftsts.MicrosoftStsOAuth2Strategy;
import com.microsoft.identity.common.internal.providers.microsoft.microsoftsts.MicrosoftStsTokenResponse;
import com.microsoft.identity.common.internal.util.StringUtil;
import com.microsoft.workaccount.authenticatorservice.KeyHandler;
import com.microsoft.workaccount.authenticatorservice.ReencryptionManager;
import com.microsoft.workaccount.workplacejoin.AccountManagerStorageHelper;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

/* loaded from: classes2.dex */
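/**
 * Static helpers used by the broker for protocol negotiation, caller identification,
 * and lookups against the broker token cache and the AccountManager work-account store.
 *
 * <p>Several methods derive the caller from {@link Binder#getCallingUid()}. That value only
 * identifies the remote caller while the current thread is handling an incoming Binder
 * transaction; outside one it is the UID of the current process.
 */
public class BrokerUtils {
    private static final String TAG = "com.microsoft.identity.client.BrokerUtils";

    /** Broker protocol version this build compares against during the hello handshake. */
    private static final String BROKER_PROTOCOL_VERSION = "5.0";

    /**
     * Negotiates the broker protocol version with the calling app.
     *
     * <p>Both version strings are read from the caller-supplied bundle and are written to the
     * log as received.
     * NOTE(review): they are caller-controlled text reaching {@code Logger.info} unsanitized
     * (newlines included) — confirm the log sink tolerates that.
     *
     * @param bundle hello request carrying the client's advertised maximum and configured
     *               minimum protocol versions
     * @return a bundle holding the negotiated version, or an error code and description when
     *         the client's minimum is above the broker's version
     */
    public static Bundle createHelloResultBundle(Bundle bundle) {
        final String methodTag = TAG + "#createHelloResultBundle";
        final String clientMaxVersion = bundle.getString(AuthenticationConstants.Broker.CLIENT_ADVERTISED_MAXIMUM_BP_VERSION_KEY);
        final String clientMinVersion = bundle.getString(AuthenticationConstants.Broker.CLIENT_CONFIGURED_MINIMUM_BP_VERSION_KEY);
        Logger.info(methodTag, "Calling app broker protocol version: " + clientMaxVersion + "\nCalling app required broker protocol version: " + clientMinVersion + "\nBroker app protocol version: " + BROKER_PROTOCOL_VERSION);

        // Any result other than -1 is treated as "broker is not older than the client's maximum",
        // so the client's maximum becomes the common version.
        // presumably compareSemanticVersion returns -1/0/1 like a comparator — confirm in StringUtil.
        if (StringUtil.compareSemanticVersion(BROKER_PROTOCOL_VERSION, clientMaxVersion) != -1) {
            Logger.info(methodTag, "Connection OK\nCommon protocol version: " + clientMaxVersion);
            final Bundle result = new Bundle();
            result.putString(AuthenticationConstants.Broker.NEGOTIATED_BP_VERSION_KEY, clientMaxVersion);
            return result;
        }

        // The broker's version is acceptable when the client sets no minimum, or when that
        // minimum does not compare as greater than the broker's version.
        if (StringUtil.isEmpty(clientMinVersion) || StringUtil.compareSemanticVersion(clientMinVersion, BROKER_PROTOCOL_VERSION) != 1) {
            Logger.info(methodTag, "Connection OK\nNegotiated protocol version: " + BROKER_PROTOCOL_VERSION);
            final Bundle result = new Bundle();
            result.putString(AuthenticationConstants.Broker.NEGOTIATED_BP_VERSION_KEY, BROKER_PROTOCOL_VERSION);
            return result;
        }

        Logger.warn(methodTag, "Connection DISALLOWED\nBroker app protocol version is below: " + clientMinVersion);
        final Bundle error = new Bundle();
        error.putString("error", ErrorStrings.UNSUPPORTED_BROKER_VERSION_ERROR_CODE);
        error.putString("error_description", ErrorStrings.UNSUPPORTED_BROKER_VERSION_ERROR_MESSAGE);
        return error;
    }

    /**
     * Deletes the PRT stored for the given account by delegating to {@link KeyHandler}.
     *
     * @param account account whose PRT is removed
     * @param context context handed to the {@link KeyHandler}
     */
    public static void deletePRT(Account account, Context context) {
        final KeyHandler keyHandler = new KeyHandler(context);
        keyHandler.deletePRT(account);
    }

    /**
     * Resolves a username for a user ID, first from the unified cache and then from the
     * work accounts registered with the AccountManager.
     *
     * <p>The AccountManager fallback matches by substring ({@code contains}) against the stored
     * home account ID and user ID list. An empty ID would match every account and a null one
     * would throw, so the fallback is skipped for both.
     *
     * @param context                     Android context
     * @param accountManagerStorageHelper reader for per-account AccountManager data
     * @param str                         user ID to look up (logged as "uid")
     * @param str2                        second lookup argument, forwarded unchanged to the
     *                                    unified-cache query — meaning not visible here
     * @param i                           third lookup argument, forwarded unchanged to the
     *                                    unified-cache query — presumably the calling UID; confirm
     * @return the username, or an empty string when no account matches
     */
    public static String getAccountUpnFromCache(Context context, AccountManagerStorageHelper accountManagerStorageHelper, String str, String str2, int i) {
        final IAccountRecord cached = BrokerClientApplication.getInstance(context).getAccountWithLocalAccountId(str, str2, i, context);
        if (cached != null && !TextUtils.isEmpty(cached.getUsername())) {
            final String username = cached.getUsername();
            Logger.info(TAG, "Account found in unified cache, username retrieved");
            return username;
        }
        Logger.infoPII(TAG, "Account not find in unified cache, trying to get username from Account manager cache for uid: " + str);

        // "x".contains("") is always true: without this guard an empty ID would return the first
        // work account that has any stored identifier.
        if (TextUtils.isEmpty(str)) {
            return "";
        }

        for (Account account : getAllWorkAccounts(context)) {
            final String homeAccountId = accountManagerStorageHelper.getAccountHomeAccountId(account);
            final String userIdList = accountManagerStorageHelper.getAccountUserIdList(account);
            Logger.infoPII(TAG, "Comparing the user id to match the home account Id :" + homeAccountId + " or local account id :" + userIdList);
            final boolean matchesHomeAccountId = !TextUtils.isEmpty(homeAccountId) && homeAccountId.contains(str);
            if (matchesHomeAccountId || (!TextUtils.isEmpty(userIdList) && userIdList.contains(str))) {
                final String accountName = account.name;
                Logger.info(TAG, "Account found in AccountManager cache, username retrieved");
                return accountName;
            }
        }
        return "";
    }

    /**
     * Returns every AccountManager account of type {@code com.microsoft.workaccount}.
     *
     * @param context context used to obtain the {@link AccountManager}
     * @return the matching accounts
     */
    public static Account[] getAllWorkAccounts(Context context) {
        final AccountManager accountManager = AccountManager.get(context);
        return accountManager.getAccountsByType("com.microsoft.workaccount");
    }

    /**
     * Builds a cache record (account plus ID token) from the workplace-joined account.
     *
     * <p>The ID token record's secret is the PRT ID token read from AccountManager storage, so
     * the returned record carries token material and should be handled accordingly.
     *
     * @param context Android context
     * @param str     client ID stamped on the ID token record
     * @return the populated record, or {@code null} when there is no WPJ account
     */
    public static CacheRecord getCacheRecordFromWPJAccount(Context context, String str) {
        final AccountManagerStorageHelper storage = new AccountManagerStorageHelper(context);
        final Account wpjAccount = storage.getWPJAccount();
        if (wpjAccount == null) {
            Logger.info(TAG + ":getCacheRecordFromWPJAccount", "No WPJ account, cache record cannot be added ");
            return null;
        }

        final String prtAuthority = storage.getPRTAuthority(wpjAccount);
        // Environment stays null when no authority is stored (or when it fails to parse).
        final String environment = TextUtils.isEmpty(prtAuthority) ? null : getEnvironmentFromAuthority(prtAuthority);
        final String homeTenantId = storage.getAccountHomeTenantId(wpjAccount);
        final String homeAccountId = storage.getAccountHomeAccountId(wpjAccount);
        final String givenName = storage.getAccountGivenName(wpjAccount);

        final AccountRecord accountRecord = new AccountRecord();
        accountRecord.setUsername(wpjAccount.name);
        accountRecord.setRealm(homeTenantId);
        accountRecord.setHomeAccountId(homeAccountId);
        accountRecord.setLocalAccountId(BrokerOperationParametersUtils.getUIdFromHomeAccountId(homeAccountId));
        accountRecord.setAuthorityType(MicrosoftAccount.AUTHORITY_TYPE_V1_V2);
        accountRecord.setFirstName(givenName);
        // NOTE(review): the display name is filled with the given name, same as first name —
        // confirm this is intended rather than a full name.
        accountRecord.setName(givenName);
        accountRecord.setFamilyName(storage.getAccountFamilyName(wpjAccount));
        accountRecord.setEnvironment(environment);

        final String prtIdToken = storage.getPrtIdToken(wpjAccount);
        final IdTokenRecord idTokenRecord = new IdTokenRecord();
        idTokenRecord.setHomeAccountId(homeAccountId);
        idTokenRecord.setRealm(homeTenantId);
        idTokenRecord.setCredentialType(SchemaUtil.getCredentialTypeFromVersion(prtIdToken));
        idTokenRecord.setSecret(prtIdToken);
        idTokenRecord.setAuthority(prtAuthority);
        idTokenRecord.setClientId(str);
        idTokenRecord.setEnvironment(environment);

        final CacheRecord cacheRecord = new CacheRecord();
        cacheRecord.setAccount(accountRecord);
        cacheRecord.setIdToken(idTokenRecord);
        return cacheRecord;
    }

    /**
     * Collects the cache records the given client may see in the broker cache.
     *
     * <p>A client ID already known to the cache gets its own aggregated account data. An unknown
     * client only receives the family (FOCI) records after
     * {@code tryFociTokenWithGivenClientId} succeeds with the most recently cached family
     * refresh token; if that check fails the result stays empty. That call is the only gate
     * between an unknown client and the family records.
     *
     * @param str     client ID of the calling app
     * @param str2    redirect URL of the calling app; only checked for emptiness here
     * @param context Android context
     * @param i       forwarded to {@code getBrokerCache} — presumably the calling UID; confirm
     * @param str3    first argument to {@code getAccountsWithAggregatedAccountData} —
     *                presumably the environment; confirm
     * @return the visible cache records, possibly empty
     * @throws ClientException when the client ID or redirect URL is empty, or the FOCI check
     *                         fails with a client or I/O error
     */
    public static List<ICacheRecord> getCacheRecordListFromBrokerCache(String str, String str2, Context context, int i, String str3) throws ClientException {
        final String methodTag = TAG + ":getCacheRecordListFromBrokerCache";
        if (StringUtil.isEmpty(str) || StringUtil.isEmpty(str2)) {
            throw new ClientException("invalid_request", "The client ID or redirectUrl is empty. Unable to retrieve the accounts from broker.");
        }
        final BrokerOAuth2TokenCache<MicrosoftStsOAuth2Strategy, MicrosoftStsAuthorizationRequest, MicrosoftStsTokenResponse, MicrosoftAccount, MicrosoftRefreshToken> brokerCache = BrokerClientApplication.getInstance(context).getBrokerCache(context, i);
        final List<ICacheRecord> records = new ArrayList<>();

        if (brokerCache.isClientIdKnownToCache(str)) {
            records.addAll(brokerCache.getAccountsWithAggregatedAccountData(str3, str));
            return records;
        }

        final List<ICacheRecord> fociCacheRecords = brokerCache.getFociCacheRecords();
        if (fociCacheRecords.isEmpty()) {
            return records;
        }
        Logger.info(methodTag, "There is (are) [" + fociCacheRecords.size() + "] Foci in the broker cache.");

        // Pick the family record whose refresh token was cached last.
        // NOTE(review): cachedAt is parsed with Long.parseLong; a missing or non-numeric value
        // surfaces as an unchecked exception here.
        CacheRecord newest = (CacheRecord) fociCacheRecords.get(0);
        for (ICacheRecord candidate : fociCacheRecords) {
            final CacheRecord record = (CacheRecord) candidate;
            if (Long.parseLong(record.getRefreshToken().getCachedAt()) > Long.parseLong(newest.getRefreshToken().getCachedAt())) {
                newest = record;
            }
        }

        try {
            if (TokenCacheItemMigrationAdapter.tryFociTokenWithGivenClientId(brokerCache, str, str2, newest)) {
                records.addAll(fociCacheRecords);
            } else {
                Logger.info(methodTag, "The calling app is not able to use the foci in broker.");
            }
        } catch (ClientException e) {
            Logger.warn(methodTag, "Unable to verify the foci. Error message: " + e.getMessage() + " Error code: " + e.getErrorCode());
            throw e;
        } catch (IOException e) {
            Logger.warn(methodTag, "Unable to verify the foci.");
            // Keep the original exception as the cause so the failure stays diagnosable.
            throw new ClientException("io_error", e.getMessage(), e);
        }
        return records;
    }

    /**
     * Returns a package name for the UID of the current Binder caller.
     *
     * <p>Only the first entry reported by the package manager is returned. When several packages
     * share one UID, that entry is not necessarily the package that made the call, so the result
     * should not be the sole basis for an authorization decision.
     *
     * @param context context used to reach the package manager
     * @return the first package for the calling UID, or {@code null} when none is reported
     */
    public static String getCallingPackageName(Context context) {
        final String[] packagesForUid = context.getPackageManager().getPackagesForUid(Binder.getCallingUid());
        // Guard the empty array as well as null so the index below cannot go out of bounds.
        if (packagesForUid == null || packagesForUid.length == 0) {
            return null;
        }
        return packagesForUid[0];
    }

    /**
     * Maps an authority URL to the environment (host name) used for cache entries.
     *
     * @param str authority URL
     * @return the cloud's preferred cache host name when the authority belongs to a known cloud,
     *         the URL's own host otherwise, or {@code null} when the URL is malformed
     */
    public static String getEnvironmentFromAuthority(String str) {
        final String methodTag = TAG + ":getEnvironmentFromAuthority";
        final URL authorityUrl;
        try {
            authorityUrl = new URL(str);
        } catch (MalformedURLException e) {
            Logger.error(methodTag, "Malformed authority", e);
            return null;
        }
        final AzureActiveDirectoryCloud cloud = AzureActiveDirectory.getAzureActiveDirectoryCloud(authorityUrl);
        if (cloud == null) {
            // Unknown cloud: fall back to the host taken from the authority itself.
            return authorityUrl.getHost();
        }
        final String preferredCacheHostName = cloud.getPreferredCacheHostName();
        Logger.info(methodTag, "Using preferred cache host name...");
        Logger.infoPII(methodTag, "Preferred cache hostname: [" + preferredCacheHostName + "]");
        return preferredCacheHostName;
    }

    /**
     * Looks up the Intune MAM enrollment ID for the account in a silent token request.
     *
     * <p>The user ID is the request's local account ID, or, when that is empty, the UID derived
     * from its home account ID.
     *
     * @param brokerSilentTokenCommandParameters silent request supplying account IDs, the
     *                                           application context and the caller package name
     * @return the URL-form-encoded enrollment ID, or {@code null} when no user ID or enrollment
     *         ID is available
     * @throws UnsupportedEncodingException declared for the URL-form-encoding step
     */
    public static String getMicrosoftEnrollmentId(BrokerSilentTokenCommandParameters brokerSilentTokenCommandParameters) throws UnsupportedEncodingException {
        final String methodTag = TAG + ":getMicrosoftEnrollmentId";
        Logger.info(methodTag, "Attempting to get Microsoft Enrollment id ");

        String userId = brokerSilentTokenCommandParameters.getLocalAccountId();
        if (TextUtils.isEmpty(userId)) {
            Logger.info(methodTag, "Local account id is empty, attempting get user id from home account id");
            userId = BrokerOperationParametersUtils.getUIdFromHomeAccountId(brokerSilentTokenCommandParameters.getHomeAccountId());
        }
        if (TextUtils.isEmpty(userId)) {
            Logger.warn(methodTag, "uid is empty or null, cannot get enrollment id");
            return null;
        }

        final String enrollmentId = IntuneMAMEnrollmentIdGateway.getInstance().getEnrollmentId(brokerSilentTokenCommandParameters.getAndroidApplicationContext(), userId, brokerSilentTokenCommandParameters.getCallerPackageName());
        if (TextUtils.isEmpty(enrollmentId)) {
            Logger.info(methodTag, "Device not enrolled as IntuneMAMEnrollment returned an empty or null enrollment id");
            return null;
        }

        final String encoded = StringExtensions.urlFormEncode(enrollmentId);
        Logger.info(methodTag, "Enrollment id successfully retrieved, adding to token request");
        return encoded;
    }

    /**
     * Reports whether a package name is one of the two broker-hosting apps.
     *
     * <p>This is a name comparison only. It does not show that the package is signed by the
     * expected publisher, and this class performs no signature check.
     * NOTE(review): the match ignores case, which is looser than an exact package-name match —
     * confirm that is intended.
     *
     * @param str package name to test
     * @return {@code true} for the Authenticator or Company Portal package names;
     *         {@code false} otherwise, including for {@code null}
     */
    public static boolean isCallingAppBroker(String str) {
        if (str == null) {
            return false;
        }
        return str.equalsIgnoreCase("com.azure.authenticator") || str.equalsIgnoreCase("com.microsoft.windowsintune.companyportal");
    }

    /**
     * Checks that a claimed package name belongs to the UID of the current Binder caller.
     *
     * <p>A match shows only that the name is installed under the calling UID; it says nothing
     * about who signed the package.
     * NOTE(review): the comparison ignores case — confirm an exact match is not required.
     *
     * @param context context used to reach the package manager
     * @param str     package name claimed by the caller
     * @return {@code true} when the calling UID owns a package with that name; {@code false}
     *         otherwise, including for a {@code null} name
     */
    public static boolean isValidCallerPackage(Context context, String str) {
        final String[] packagesForUid = context.getPackageManager().getPackagesForUid(Binder.getCallingUid());
        if (str == null || packagesForUid == null) {
            return false;
        }
        for (String installed : packagesForUid) {
            if (str.equalsIgnoreCase(installed)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Hands the given value to a {@link ReencryptionManager} built on the context.
     *
     * @param str     argument passed through to {@code execute} — meaning not visible here
     * @param context context handed to the {@link ReencryptionManager}
     */
    public static void reEncryptDataIfNeeded(String str, Context context) {
        final ReencryptionManager reencryptionManager = new ReencryptionManager(context);
        reencryptionManager.execute(str);
    }
}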
